Setting up SSO for Shufflrr using Azure

Setting up SSO for Shufflrr using Azure

On Shufflrr, go to your Admin > Settings and scroll down to Authentication, under SAML Sing Sign-On, click on + Add

On Azure, go to your Azure Active Directory Admin Center.

  1. In the left menu, select Enterprise applications.
  2. Click on the + sign to create New application, Select Azure AD SAML Toolkit
  3. Name the application Shufflrr SSO (or something appropriate) and click Create
  4. In the Manage section of the left menu, select Single sign-on to open the Single sign-on pane for editing.
  5. Select SAML to open the SSO configuration page.
  6. On the Basic Simple Configuration settings, click Edit and add values from Shufflrr based off the newly created SAML Profile above, accordingly.
    1. a. Identifier (Entity DI) – https://YOURSITE.shufflrr.com
    2. b. Sign on URL – https://YOURSITE.shufflrr.com/login/samlassertionconsumerservice?id=xxxxxxxxxxxxxxxxxx
    3. c. Sign on URL – https://YOURSITE.shufflrr.com
    4. d. Relay State – Optional
    5. e. Logout URL – Optional
  7. On the Attributes & Claims settings, click Edit, click on Add a new claim and set values below, accordingly.
    1. a. Claim name & Namespace (email), Source attribute Value(user.mail)
    2. b. Claim name & Namespace (givenname), Source attribute Value(user.givenname)
    3. c. Claim name & Namespace(surname), Source attribute Value(user.surname)
    4. d. Claim name & Namespace (group), Source attribute Value(user.group)

Note that the email attribute is the unique identifier for each user. Also, the group attribute is Optional and only needed if you want you use the Enforce SAML feature of Shufflrr

  1. On the SAML Signing Certificate settings,
    1. a. Download the Certificate(Base64)
    2. b. Upload it into the Identify Provider Certificate on Shufflrr.
  1. On the Set up Shufflrr(Or your Application Name) settings, copy the values below and paste into Shuflrr’s, accordingly.
    1. a. Copy the Login URL values and Paste into the Single Sign-on Service URL textbox on Shufflrr
    2. b. Copy the Azure AD Identifier values and Paste into the Identity Provider Issuer ID textbox on Shufflrr.
    3. c. Scroll down and hit the Blue Save button.
  2. Now, go back to your Shufflrr site and download the Service Provider Certificate. Then upload this certificate back to Azure under the SAML Signing Certifcate. Scroll down and save these changes

Note that it needs to be a PFX with a password. Convert cer to pfx.

  1. If you haven’t already done so, assign users to the Shufflrr application but going to User and Groups under  the Manage section on the left. Search, select and assign users/groups accordingly.
  2. After the application is configured, users can sign into it by using their credentials from the Azure AD tenant.
  3. The process of configuring an application to use Azure AD for SAML-based SSO varies depending on the application. For any of the enterprise applications in the gallery.
  4. When done, go to an incognito browser, visit your site and the login page should look something like below.